Files
bifrost/examples/plugins/http-transport-only/README.md
Beyhan Oğur 880f412e2c first commit
2026-04-26 21:52:23 +03:00

128 lines
2.8 KiB
Markdown

# HTTP-Transport-Only Plugin Example
This example demonstrates a plugin that only implements the `HTTPTransportPlugin` interface for HTTP-layer request/response interception.
## Features
- **HTTPTransportPreHook**: Intercepts HTTP requests before they enter Bifrost core
- Authentication validation
- Rate limiting (in-memory, per API key)
- Request validation (size limits)
- Custom header injection
- Request short-circuiting for auth failures
- **HTTPTransportPostHook**: Intercepts HTTP responses after Bifrost core processing
- CORS header injection
- Security headers
- Request duration tracking
- Error response enrichment
- Response logging
## Use Cases
- **Security**
- Authentication/Authorization
- API key validation
- Request sanitization
- **Rate Limiting**
- Per-user limits
- Per-endpoint limits
- Burst protection
- **Observability**
- Request/response logging
- Performance monitoring
- Access tracking
- **Compliance**
- CORS enforcement
- Security headers
- Request/response auditing
## Building
```bash
make build
```
This creates `build/http-transport-only.so`
## Configuration
Add to your Bifrost config:
```json
{
"plugins": [
{
"path": "/path/to/http-transport-only.so",
"name": "http-transport-only",
"display_name": "Security & Rate Limiting",
"enabled": true,
"type": "http_transport",
"config": {
"require_auth": true,
"rate_limit": 100,
"rate_window": 60,
"max_body_size": 1048576
}
}
]
}
```
**Note:**
- `name` is the system identifier (from `GetName()`) and is **not editable**
- `display_name` is shown in the UI and is **editable** by users
### Configuration Options
| Option | Type | Default | Description |
|--------|------|---------|-------------|
| `require_auth` | boolean | `true` | Enable/disable authentication header enforcement |
| `rate_limit` | integer | `10` | Maximum requests per window (0 = unlimited) |
| `rate_window` | integer | `60` | Rate limit window in seconds |
| `max_body_size` | integer | `1048576` | Maximum request body size in bytes (0 = unlimited) |
### Example Configurations
**Disable authentication:**
```json
{
"config": {
"require_auth": false,
"rate_limit": 1000
}
}
```
**Unlimited rate limiting:**
```json
{
"config": {
"require_auth": true,
"rate_limit": 0
}
}
```
**Strict limits:**
```json
{
"config": {
"require_auth": true,
"rate_limit": 10,
"rate_window": 60,
"max_body_size": 512000
}
}
```
## Notes
- This plugin operates at the HTTP transport layer only
- Works only when using bifrost-http, not when using Bifrost as a Go SDK
- Rate limiter is in-memory (resets on restart)
- For production, consider using Redis for distributed rate limiting